| CVE-2026-30894 |
medium |
6.1 |
6.1 |
|
|
joomla |
8d ago |
Lack of output escaping leads to an XSS vector in the content history component. |
| CVE-2026-48903 |
medium |
6.1 |
6.1 |
|
|
joomla |
8d ago |
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components. |
| CVE-2026-35220 |
medium |
4.3 |
4.3 |
|
|
joomla |
8d ago |
Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users. |
| CVE-2026-48905 |
medium |
6.1 |
6.1 |
|
|
joomla |
8d ago |
Lack of input filtering leads to an XSS vector in the HTML filter code. |
| CVE-2026-25901 |
medium |
6.1 |
6.1 |
|
|
joomla |
8d ago |
Lack of output escaping leads to an XSS vector in the multilingual associations component. |
| CVE-2026-48900 |
medium |
4.3 |
4.3 |
|
|
joomla |
8d ago |
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. |
| CVE-2026-25900 |
medium |
6.1 |
6.1 |
|
|
joomla |
8d ago |
Lack of output escaping leads to an XSS vector in the feed modules. |
| CVE-2026-30895 |
medium |
6.1 |
6.1 |
|
|
joomla |
8d ago |
Lack of output escaping leads to an XSS vector in the readmore links for com_content. |
| CVE-2017-16633 |
medium |
4.3 |
4.3 |
|
|
joomla |
9y ago |
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. |
| CVE-2015-5608 |
medium |
6.1 |
6.1 |
|
|
joomla |
9y ago |
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. |
| CVE-2017-11612 |
medium |
6.1 |
6.1 |
|
|
joomla |
9y ago |
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. |
| CVE-2017-9934 |
medium |
6.1 |
6.1 |
|
|
joomla |
9y ago |
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. |
| CVE-2017-8057 |
medium |
5.3 |
5.3 |
|
|
joomla |
9y ago |
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting. |
| CVE-2017-7989 |
medium |
6.5 |
6.5 |
|
|
joomla |
9y ago |
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. |
| CVE-2017-7988 |
medium |
5.3 |
5.3 |
|
|
joomla |
9y ago |
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article. |
| CVE-2017-7987 |
medium |
6.1 |
6.1 |
|
|
joomla |
9y ago |
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component. |
| CVE-2017-7986 |
medium |
6.1 |
6.1 |
|
|
joomla |
9y ago |
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components. |
| CVE-2017-7985 |
medium |
6.1 |
6.1 |
|
|
joomla |
9y ago |
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. |
| CVE-2017-7984 |
medium |
6.1 |
6.1 |
|
|
joomla |
9y ago |
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component. |
| CVE-2017-7983 |
medium |
5.3 |
5.3 |
|
|
joomla |
9y ago |
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. |
| CVE-2015-8563 |
medium |
— |
6.8 |
|
|
joomla |
11y ago |
Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecifie… |
| CVE-2015-7899 |
medium |
— |
5.0 |
|
|
joomla |
11y ago |
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2015-7859 |
medium |
— |
5.0 |
|
|
joomla |
11y ago |
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2015-6939 |
medium |
— |
4.3 |
|
|
joomla |
11y ago |
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-5397 |
medium |
— |
6.8 |
|
|
joomla |
11y ago |
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upl… |
| CVE-2012-2413 |
medium |
— |
4.3 |
|
|
joomla |
12y ago |
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/… |
| CVE-2014-7983 |
medium |
— |
4.3 |
|
|
joomla |
12y ago |
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-7982 |
medium |
— |
4.3 |
|
|
joomla |
12y ago |
Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-7229 |
medium |
— |
5.0 |
|
|
joomla |
12y ago |
Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors. |
| CVE-2014-6631 |
medium |
— |
4.3 |
|
|
joomla |
12y ago |
Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-5955 |
medium |
— |
4.3 |
|
|
purplebeanie, joomla |
12y ago |
Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via an arbitrary p… |
| CVE-2013-5953 |
medium |
— |
4.3 |
|
|
codepeople, joomla |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote at… |
| CVE-2013-5952 |
medium |
— |
4.3 |
|
|
codologic, joomla |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via t… |
| CVE-2014-0793 |
medium |
— |
5.3 |
EXP |
|
stackideas, joomla |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1… |
| CVE-2014-0794 |
medium |
— |
5.3 |
EXP |
|
joomla |
13y ago |
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.… |
| CVE-2013-5583 |
medium |
— |
4.3 |
|
|
joomla |
13y ago |
Joomla! Cross-site Scripting vulnerability |
| CVE-2013-5576 |
medium |
— |
7.8 |
EXP |
|
joomla |
13y ago |
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended … |
| CVE-2013-3719 |
medium |
— |
4.3 |
|
|
algisinfo, joomla |
13y ago |
Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-3534 |
medium |
— |
4.3 |
|
|
algisinfo, joomla |
13y ago |
Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-3267 |
medium |
— |
4.3 |
|
|
joomla |
13y ago |
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified… |
| CVE-2013-3242 |
medium |
— |
6.5 |
EXP |
|
joomla |
13y ago |
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated use… |
| CVE-2013-3059 |
medium |
— |
4.3 |
|
|
joomla |
13y ago |
Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vect… |
| CVE-2013-3058 |
medium |
— |
4.3 |
|
|
joomla |
13y ago |
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-3057 |
medium |
— |
4.0 |
|
|
joomla |
13y ago |
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors. |
| CVE-2013-3056 |
medium |
— |
4.0 |
|
|
joomla |
13y ago |
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vecto… |
| CVE-2013-1455 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable." |
| CVE-2013-1454 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors." |
| CVE-2012-6514 |
medium |
— |
4.3 |
|
|
netshinesoftware, joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income act… |
| CVE-2012-1599 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate… |
| CVE-2012-5827 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." |
| CVE-2012-4532 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web scrip… |
| CVE-2012-4531 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-5455 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a … |
| CVE-2011-4911 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. |
| CVE-2011-4910 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
| CVE-2011-4909 |
medium |
— |
5.3 |
EXP |
|
joomla |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/vi… |
| CVE-2012-5232 |
medium |
— |
4.3 |
|
|
mediafire, joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1117 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1612 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-1611 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a dup… |
| CVE-2012-0837 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." |
| CVE-2012-0836 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors. |
| CVE-2012-0835 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator." |
| CVE-2012-0822 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… |
| CVE-2012-0821 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819. |
| CVE-2012-0820 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than… |
| CVE-2012-0819 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821. |
| CVE-2011-5148 |
medium |
— |
7.8 |
EXP |
|
wasen, joomla |
14y ago |
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file… |
| CVE-2011-5134 |
medium |
— |
6.0 |
|
|
widgetfactorylimited, joomla |
14y ago |
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arb… |
| CVE-2012-4256 |
medium |
— |
5.0 |
|
|
joobi, joomla |
14y ago |
The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. |
| CVE-2012-4235 |
medium |
— |
5.0 |
|
|
rsgallery2, joomla |
14y ago |
The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for … |
| CVE-2012-4071 |
medium |
— |
4.3 |
|
|
joomla, rsgallery2 |
14y ago |
Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attacker… |
| CVE-2012-3829 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. |
| CVE-2012-3828 |
medium |
— |
4.3 |
|
|
joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header. |
| CVE-2012-2748 |
medium |
— |
5.0 |
|
|
joomla |
14y ago |
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error." |
| CVE-2012-2902 |
medium |
— |
6.0 |
|
|
ryan_demmer, joomla |
14y ago |
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows rem… |
| CVE-2012-2901 |
medium |
— |
4.3 |
|
|
ryan_demmer, joomla |
14y ago |
Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the… |
| CVE-2012-1018 |
medium |
— |
5.3 |
EXP |
|
dmackmedia, joomla |
15y ago |
Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web sc… |
| CVE-2011-5004 |
medium |
— |
6.0 |
|
|
fabrikar, joomla |
15y ago |
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbit… |
| CVE-2011-4809 |
medium |
— |
5.3 |
EXP |
|
joomlaextensions, joomla |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) l… |
| CVE-2011-4804 |
medium |
— |
6.0 |
EXP |
|
foobla, joomla |
15y ago |
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to i… |
| CVE-2011-4332 |
medium |
— |
4.3 |
|
|
joomla |
15y ago |
Joomla! vulnerable to Cross-site Scripting |
| CVE-2011-4321 |
medium |
— |
5.0 |
|
|
joomla |
15y ago |
The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vector… |
| CVE-2010-5048 |
medium |
— |
5.3 |
EXP |
|
joomlatune, joomla |
15y ago |
Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web scr… |
| CVE-2010-5044 |
medium |
— |
7.0 |
EXP |
|
kanich, joomla |
15y ago |
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQ… |
| CVE-2010-5043 |
medium |
— |
7.0 |
EXP |
|
blueconstantmedia, joomla |
15y ago |
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editI… |
| CVE-2010-5042 |
medium |
— |
5.3 |
EXP |
|
blueconstantmedia, joomla |
15y ago |
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in … |
| CVE-2010-4971 |
medium |
— |
5.3 |
EXP |
|
videowhisper, joomla |
15y ago |
Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php. |
| CVE-2010-4949 |
medium |
— |
5.3 |
EXP |
|
evnix, joomla |
15y ago |
Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary… |
| CVE-2010-4928 |
medium |
— |
5.3 |
EXP |
|
photoindochina, joomla |
15y ago |
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a… |
| CVE-2011-3747 |
medium |
— |
5.0 |
|
|
joomla |
15y ago |
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmai… |
| CVE-2010-4838 |
medium |
— |
7.0 |
EXP |
|
extensiondepot, joomla |
15y ago |
SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the a… |
| CVE-2010-4837 |
medium |
— |
5.3 |
EXP |
|
extensiondepot, joomla |
15y ago |
Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title fie… |
| CVE-2011-2892 |
medium |
— |
4.3 |
|
|
joomla |
15y ago |
Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web … |
| CVE-2011-2891 |
medium |
— |
5.0 |
|
|
joomla |
15y ago |
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a differe… |
| CVE-2011-2890 |
medium |
— |
5.0 |
|
|
joomla |
15y ago |
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving th… |
| CVE-2011-2889 |
medium |
— |
5.0 |
|
|
joomla |
15y ago |
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, lead… |
| CVE-2011-2710 |
medium |
— |
4.3 |
|
|
joomla |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable throug… |
| CVE-2011-2509 |
medium |
— |
4.3 |
|
|
joomla |
15y ago |
Joomla! vulnerable to Cross-site Scripting |
| CVE-2011-2488 |
medium |
— |
5.0 |
|
|
joomla |
15y ago |
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors. |